Federated Identities 4.2 Flashcards
Server-Based Authentication
Web communication is "stateless communication". This raises the question: how do you authenticate a first server request, and then carry that authentication forward when the communication is stateless? Traditionally this is accomplished by having the server keep track of who is logged in. The server issues a session ID to the user, and on each new request it checks whether that session is still valid.
Stateless Protocol
A stateless protocol is a communications protocol in which no session information is retained by the receiver, usually a server. Relevant session data is sent to the receiver by the client in such a way that every packet of information transferred can be understood in isolation, without context information from previous packets in the session. This property of stateless protocols makes them ideal in high volume applications, increasing performance by removing server load caused by retention of session information.
Token-Based Authentication
No session-based authentication. The server does not keep track of session IDs but instead uses a stateless form of authentication. The server sends the client a token, and the client stores that token. Each time the client makes a request, it includes the token along with the request. The server validates the token and responds. We see this used with federation: websites can partner, and a token issued by one website can be used on another website. Examples are "Log in with Facebook, Google, or Twitter".
Security Assertion Markup Language (SAML)
This is an open standard for authentication and authorization. Shibboleth is open-source software that implements SAML to provide federated SSO; SAML defines the standard that Shibboleth uses. SAML was not designed for mobile apps, so we don't see it very much there.
OAuth
Provides resource authorization. It was created by Twitter, Google, and many other big tech companies. OAuth is usually combined with OpenID Connect, which handles the sign-on, while OAuth provides authorization between the different apps.